Privacy Policy

Chat with Sahayogi is a service operated by Sahayogi One Private Limited (“Sahayogi”, “we”, “us”), incorporated in India. We are the data fiduciary for the personal data we collect through this site and the in-product Chat Sahayogi service.

• Account information — name, email, phone, and the business workspace you create or join.
• Inquiry information — the contact details and message you submit through the Talk with Sahayogi form on the marketing site.
• WhatsApp message metadata — when you connect a WhatsApp Business number, we process the message envelopes (sender, recipient, timestamp, template id, delivery status) needed to operate the service. We do not read message bodies for analytics.
• Service logs — IP address, browser user-agent, request timestamps, error traces. Used for security, abuse-prevention, and debugging.
• Billing information — for paid plans, your billing address and GSTIN. Card / UPI details are held by our payment processor (PayU); we never see them.

• To operate the service you signed up for.
• To bill you for the plan tier you chose.
• To comply with Meta’s WhatsApp Business policies.
• To meet our obligations under Indian law (the DPDP Act, the IT Act, tax law).
• To improve the product — aggregate, de-identified metrics only. We do not sell your data.

We share data only with:

• Meta Platforms, when you use WhatsApp Cloud API — message envelopes are sent to Meta to deliver messages.
• Payment processors (PayU and successors) to process subscriptions and top-ups.
• Cloud infrastructure providers (Microsoft Azure, currently the South India region) that host the service.
• Government authorities when required by law, on receipt of a valid order.

We retain your account information for as long as your account is active. Inquiry submissions are kept for 24 months unless you ask us to delete them sooner. WhatsApp message metadata is retained for 90 days for operational troubleshooting, then aggregated.

When you connect a WhatsApp Business Account to our platform, we process the following data on your behalf as a data processor:

• Message content — the body of outbound templates, outbound session messages, and inbound replies. Stored encrypted at rest in Indian data centres for the audit window (seven days by default, configurable per workspace, capped at the data retention period agreed with the operator).
• Message metadata — recipient phone number (E.164 format), template id, message status transitions (queued, sent, delivered, read, failed), error codes from Meta’s API. Retained for 90 days for operational troubleshooting, then aggregated.
• Webhook events — every status update, quality-rating change, and account alert Meta sends to us about your number. Retained for the same audit window as message content.
• Contact opt-in records — for every recipient you add to the platform, the timestamp, source, and consent statement associated with their opt-in. Retained for the lifetime of the contact record or until the operator deletes it.

We do not use WhatsApp message content for any purpose other than processing and delivering the message on your behalf, surfacing the message in your inbox and audit log, and operational troubleshooting on explicit operator request. We do not train models on, sell, or otherwise commercialise message content.

When you disconnect a WhatsApp Business Account, we stop processing new messages immediately and delete the stored credentials within 24 hours. Historical message content and metadata are retained per the retention schedule above unless you request earlier deletion.

• Access — ask us for a copy of the personal data we hold about you.
• Correction — ask us to correct inaccurate or incomplete data.
• Erasure — ask us to delete your data, subject to legal-retention requirements.
• Grievance — escalate any complaint to our Grievance Officer (contact below).
• Nominate — appoint a nominee to exercise rights on your behalf in the event of death or incapacity.

We use industry-standard controls: TLS for data in transit, encryption at rest for our databases, role-based access control, audit logging, and quarterly penetration tests. No system is perfectly secure — if we discover a breach affecting your data, we’ll notify you and the Data Protection Board within the timelines the DPDP Act requires.

For privacy queries, data access requests, or to reach our Grievance Officer, write to privacy@sahayogione.com. We’ll acknowledge within 5 working days and substantively respond within 30 days.